Government updates guidance on data protection law in event of no-deal

The government has updated its guidance detailing amendments to UK data protection law in the event that the UK leaves the EU without a deal. The EU (Withdrawal) Act 2018 (EUWA) retains the GDPR in UK law. The fundamental principles, obligations and rights that organisations and data subjects have become familiar with will stay the same.

To ensure the UK data protection framework continues to operate effectively when the UK is no longer an EU Member State, the government said it will make “appropriate changes” to the GDPR and the Data Protection Act 2018, details of which are due to be published in the next few weeks.

Simply put, the vast majority of the changes will involve removing references to EU institutions and procedures that will not be directly relevant when the UK is outside the EU. They will be replaced with terms that make sense in a UK context. For example, in general, references to “Union or Member State law” will instead be read as “domestic law”; while references to some decisions made by the EU Commission will be replaced with references to decisions made by the UK government, and so on.


Appropriate changes (Source: Department for Digital, Culture, Media & Sport)

DCMS says these regulations, in the event of a no-deal, would:

• preserve EU GDPR standards in domestic law;

• transitionally recognise all EEA countries (including EU Member States) and Gibraltar as ‘adequate’ to allow data flows from the UK to Europe to continue;

• preserve the effect of existing EU adequacy decisions on a transitional basis;

• recognise EU Standard Contractual Clauses (SCCs) in UK law and give the ICO the power to issue new clauses;

• recognise Binding Corporate Rules (BCRs) authorised before Exit day;

• maintain the extraterritorial scope of the UK data protection framework; and

• oblige non-UK controllers who are subject to the UK data protection framework to appoint representatives in the UK if they are processing UK data on a large scale.

Detailed guidance, such that is currently available, can be obtained here: https://www.gov.uk/government/publications/data-protection-law-eu-exit/amendments-to-uk-data-protection-law-in-the-event-the-uk-leaves-the-eu-without-a-deal-on-29-march-2019

    Share Story:

YOU MIGHT ALSO LIKE


The Future of Risk & Resilience with AI & Data
CLDigital's Co-Founder, Tejas Katwala, joins CIR Magazine to discuss how CLDigital is transforming enterprise risk and resilience. By integrating business processes, AI and data-centric strategies, organisations can move beyond compliance to proactive risk management – simplifying operations, strengthening resilience, and driving business performance. Listen now to explore the future of intelligent risk management.

Investec is disrupting premium finance – Podcast
Investec made waves in entering the premium finance market, where listening and evolving in response to brokers made a real difference.

Advertisement